Bug Hunting Isn’t Enough; DeFi Code Should be Financial-Attack Proof: Quantstamp's Richard MabZX exploits showed financial attack vectors should be included in smart contract audits and tests, Ma said.